[rbldnsd] "Lame" Miirror
Amos Jeffries
amos at treenetnz.com
Sat Aug 5 08:03:48 MSD 2006
I encountered this in setting up some blind-master in bind a while ago.
I am still not certain that I'm right, but I came to the conclusion that
bind checked the NS fields for the RR against the claimed AA flag. If a
server not listed in the NS or locally permitted was replying as master it
would log lame warnings.
I'm not certain of this since its been nearly a year since I saw it, but its
an avenue to check.
AYJ
----- Original Message -----
From: "David Cary Hart" <RBLDNSD at TQMcube.com>
To: <rbldnsd at corpit.ru>
Sent: Saturday, August 05, 2006 8:54 AM
Subject: Re: [rbldnsd] "Lame" Miirror
> On Sat, 05 Aug 2006 00:15:09 +0400, Michael Tokarev <mjt at tls.msk.ru>
> opined:
>
> Hi Michael and thanks for the reply:
>
>> David Cary Hart wrote:
>> > A new mirror running bind and rbldnsd:
>> >
>> > Aug 4 10:44:46 tqmcube named[366]: lame server resolving
>> > '40.220.17.65.dnsbl.tqmcube.com' (in 'dnsbl.tqmcube.com'?):
>> > 213.239.195.182#53
>>
>> Can you please be more specific? How exactly it is "running
>> bind and rbldnsd" ?
>
> Apparently on the same machine.
>
>> Both at the same time? How 'tqmqube' host
>> (from which the above logging comes) is related to all this?
>
> That's a query from my mail server. I was simply demonstrating that
> RBLDNSD is working - it always does -;) It requires a specific query.
>>
>> > It will answer queries directly but doesn't seem to take a
>> > portion of queries from the pool.
>>
>> >From what I can see, 213.239.195.182 is running bind, and it
>> is NOT authoritative for the zone in question, ie, it is taking
>> answers from other two nameservers (mirror1 and mirror3). It
>> is shown in both reply flags (no `aa' flag), and in decreasing
>> TTL in replies.
>
> Sorry. I should have been more specific. It is mirror3. mirror1 and
> mirror2 are different servers in California and NY respectively.
>>
>> I'm not sure when bind (the resolver client, not the server)
>> will log 'lame server'
>
> Neither am I. I get the same result from DNSstuff.com.
>
>>- but lack of 'aa' flag (authoritative
>> answer) in header is sure a possibility. Ditto for "taking
>> a portion of queries" for a "lame" nameserver.
>>
>> In any way, it should return authoritative answer.
>
> What I hope to learn is if anyone else experienced similar behavior -
> and how they fixed it. Interestingly. I just noticed that ORDB has a
> similar problem:
>
> Aug 4 15:50:24 tqmcube named[366]: lame server resolving
> '47.21.161.66.relays.ordb.org' (in 'relays.ordb.ORG'?):
> 205.139.192.54#53. Indeed DNSreports shows three lame servers.
>
> Looks like I have some pondering to do.
> --
> "Black Hole": The economic effect of administering a DNSBL
> Our DNSBL - Eliminate Spam at the Source: http://www.TQMcube.com
> Don't Subsidize Criminals: http://boulderpledge.org
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
>
More information about the rbldnsd
mailing list